tika-core is vulnerable to denial of service. Entity expansion limits are not properly enforced for XML parsing which allows remote attackers to cause a denial of service condition via specially crafted XML input.
www.securityfocus.com/bid/105585
github.com/apache/tika/commit/148adec1016acc122fa5e972f75d7029376998d9
github.com/apache/tika/commit/4e67928412ad56333d400f3728ecdb59d07d9d63
lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E
security.netapp.com/advisory/ntap-20190903-0002/